Add to collection(s) Add to saved
  1. Social Science
  2. Law
  3. Criminal Justice

ITU-EC HIPSSA Project

advertisement 
ITU-EC HIPSSA Project
Support for Harmonization of the ICT Policies
in Sub-Sahara Africa
Workshop on Namibia National Transposition of SADC Model
Laws on Cybersecurity, Lusaka, 20 August 2013
Cybercrime Training (Needs and Topics)
Presenter: Prof Dr Marco Gercke
International
Telecommunication
Union
Cybercrime
TRAINING IN THE CONTEXT OF A
COMPREHENSIVE APPROACH TO
FIGHT CYBERCRIME
Page: 2
Cybercrime
Assessment of Cybercrime
Assessment
Stakeholder Consultations
Ministries / Government Inst.
Media / Education
General Public
Civil Liberty Groups
Consultation
Drafting Policy
Drafting PPP Strategy
Anti-Cybercrime Policy
Drafing Legislation
Drafting Int. Coop. Strategy
Drafting Crime Prevention S.
page: 3
Developing
Monitoring
S.
Building
Institutional
Capacities
Explanatory Notes
Material for Press
Training for Jud./Pros./Law.
Curriculum for Schools
Supplying Free Tools
Media Campaigns
Equipment Police/Customs
Complain Center
Drafting
Implement.
Coordinator with authority
Assessment Cybercrime
Policy
Asm. Institutional Capacities
Champion
Assessment of Legislation
Champion
Asm. Cybersecurity Strategy
Somebody doing
the work
Assessment Nat. ICT Strategy
Somebody doing
the work
INTERDEPENDENCE
Cybercrime
COMPONENT 1: TECHNOLOGY
page: 4
Cybercrime
TECHNOLOGY
•
Training should include training on
technology
•
Level of detail of the training on
technology is depending on the target
audience. While judges and
prosecutors might only need an
overview Cybercrime investigators will
need in depth training
Page: 5
Cybercrime
NETWORK CONCEPT
Access Provider
85.1.3.44
Provides an IP Address that is required to
communicate. Allows upload and download of data
Hosting Provider
Stores data for a
content provider
124.222.121.1
User
Wants to download
From www.xxx.com
Domain Name Server
Translates domain names (like www.xxx.com
into an IP Address
xxx.com = 85.1.3.44
211.1.3.88
Content Provider
Anybody who produces data
Routers
Forward the request to the right server
Page: 6
Cybercrime
PHENOMENA
page: 7
Cybercrime
PHENOMENA
•
Training should include training on
phenomena of Cybercrime
•
Area with great dynamics
•
Such training could also be interesting
for the press and the general public in
order for them to understand how such
crime is committed
•
The following slides contain some
examples (excerpts)
Page: 8
Cybercrime
DATA ESPIONAGE
•
Valuable and secret information are
often stored without adequate
protection
•
Lack of self-protection especially with
regard to small businesses and private
computer users

• Development of protection-plans are
often inadequate (eg. change of harddrive without deleting sensible
information in advance)
Page: 9
Picture removed in print version
Bild zur Druckoptimierung entfernt
KEYLOGGER
Cyberwarfare
INTRODUCTION
Iran Oil Terminal
Duqu
Stuxnet
09
page: 10
10
Flame
11
12
Cybercrime
GROOMING
•
The ultimate aim of the offender is
often to meet and sexually abuse the
child – which requires the presence of
the offender at the location of the child
ADULT:
CHILD:
ADULT:
‘Shortly described you have THREE
options to earn money through us:
1-Images (you can earn between
50-200 for each series, i.e. 16
images) 2-Web shows [...]
it sounds ok, but I think I start with
the images...
send a couple of images of yourself
so I can get a better understanding
of how you look ...because then we
can start with the fun: namely to
discuss prices ;)
CHILD:
[Child sending over images]
ADULT:
more .. any in full figure? more?
Picture removed in print version
CHILD:Bild zur
[Child
sending over images]
Druckoptimierung entfernt
GROOMING CHAT
page: 11
Cybercrime
DEVELOPMENT
page: 12
Cybercrime
PHENOMENA
•
Training should include training the
development of Cybercrime
•
Computer crime and Cybercrime is
known for more than 50 years
•
A lot of important things can be
learned by studying the past
developments
Page: 13
Cybercrime
196oth
•
Introduction of transistor based
computer systems lead to an
increasing use of computers
•
Offences at this time were focusing
on the physical damage of
computer systems and data
•
Example: Student riot cause a fire
that destroyed computer systems
at a university in Canada
Picture removed in print version
Bild zur Druckoptimierung entfernt
Source: Wikipedia with ref. to US
Gov.
page: 14
Cybercrime
COMPUTER ATTACK / BOTNET
Growing number of users of the Internet goes Attacks against computer systems
along with a growing number of hacking attacksin Georgia during armed conflict
Hacking attack against
airport control system
Attacks against computer systems
in Estonia during political conflicts
Largest botnets: 100.000 bots
Largest botnets: 12.000.000 bots
97
98
99
00
01
Legal Response
Phenomena
Page: 15
02
03
04
05
06
07
08
09
10
11
Cybercrime
EXTENT OF
CRIME
page: 16
Cybercrime
UNCERTAINTY REGARDING
EXTENT
HEIISE NEWS 27.10.2007
•
Lack of reporting leads to uncertainty
with regard to the extent of crime
•
This is especially relevant with regard
to the involvement of organized crime
•
Available information from the crime
statistics therefore not necessary
reflect the real extent of crime
Page: 17
Picture States
removed in
print version
The United
Federal
Bureau of
Bild zur Druckoptimierung entfernt
Investigation has requested companies not to
keep quiet about phishing attacks and attacks
on company IT systems, but to inform
authorities, so that they can be better informed
about criminal activities on the Internet. "It is a
problem for us that some companies are
clearly more worried about bad publicity than
they are about the consequences of a
successful
hacker attack," explained Mark Mershon,
acting head of the FBI's New York office.
Cybercrime
LATEST
TRENDS
page: 18
Cybercrime
LATEST TRENDS
•
The training should include training in
relation to latest trends
•
A regular update on the latest
developments will not only be
important for investigators but also the
general public
•
Example: Liberty Reserve (Money
Laundering), AP Twitter Account Hack
and stock market manipulation
Page: 19
Cybercrime
TRAINING FOR
JUDGES
page: 20
Cybercrime
TRAINING FOR JUDGES
•
Training for judges may include an
overview about technology and
investigation techniques
•
The focus will most likely be on
substantive criminal law
•
Training may also include components
on electronic evidence
Page: 21
CYBERCRIME
DEFAMATION AND LIBEL
SEC 265 CC OF QUEENSLAND
•
Internet enables possibilities to
anonymously post information on
websites
•
This enables the offender to publish
defamatory content and make it much
more difficult for investigators to
identify the offender
page: 22
Picture removed
in print version
365 Criminal
defamation
Bild zur Druckoptimierung entfernt
(1) Any person who, without lawful excuse,
publishes matter defamatory of another living
person (the relevant person)—
(a) knowing the matter to be false or without
having regard to whether the matter is true or
false;
and
(b) intending to cause serious harm to the
relevant person or any other person or without
having
regard to whether serious harm to the relevant
person or any other person is caused;
commits a
misdemeanour. Maximum penalty—3 years
imprisonment.
Cybercrime
ELECTRONIC EVIDENCE
•
Emerging relevance of digital evidence
influences the procedures in court
•
Influence is not limited to the fact that
courts need to deal with digital
evidence
•
Even the design of courtrooms is
influenced
Page: 23
Cybercrime
TRAINING FOR CYBERCRIME
INVESTIGATORS
page: 24
Cybercrime
TRAINING FOR INVESTIGATORS
•
Cybercrime investigators may require
a very intensive training due to the
complexity of the subject matter
•
This especially includes technology
and investigation techniques
•
Training should include practical
elements and simulations
Page: 25
Cybercrime
IMPORTANCE OF UPDATES
•
Constant training is necessary as
technology is changing
•
Experts working in this field need to be
aware about the consequences of the
latest technical trends for
investigations
•
Example: Advice to unplug cord from
computer can lead to an encryption of
the hard drive if the suspect activated
whole disc encryption
Seite: 26
Picture removed in print version
Bild zur Druckoptimierung entfernt
US FIRST RESPONDER GUIDE 3RD
ED.
Cybercrime
IMPORTANCE OF UPDATES
•
If the suspect is using encryption
technology disconnecting the computer
system from electricity could hinder
access to evidence
•
Live forensics may be required
Picture removed in print version
Bild zur Druckoptimierung entfernt
US FIRST RESPONDER GUIDE 3RD
ED.
•
In addition to technical capacities to
undertake live forensics (e.g. software,
hardware) there might be a need for a
solid legal foundation as live forensics
might interfere with the integrity of
evidence
Page: 27
Cybercrime
TRAINING
FOR
POLICE
page: 28
Cybercrime
GENERNAL TRAINING FOR
POLICE
•
In addition to the special training for
Cybercrime investigators a general
training for the police should be
organized
•
Background: Electronic evidence is
becoming more and more relevant not
only in Cybercrime cases but also
when it comes to traditional crimes
(such as murder cases)
Page: 29
Cybercrime
TRAINING FOR
LEGAL DRAFTERS
page: 30
Cybercrime
LEGAL DRAFTERS
•
In order to finalize the draft Bills and
implement them into the national
legislation legal drafters might require
additional training
•
This will especially help them to
understand differences between the
SADC model law and some
international standards
•
Some differences are a result of
correcting mistakes in older
international standards (see next slide)
Page: 31
Cybercrime
EXAMPLE: CHILD PORNOGRAPHY
•
As cooperation requires legislation
gaps can have significant impact
•
In the early discussion about legal
response to an online distribution of
child pornography the drafter of
regulations focused on digital images
•
Today not only images and videos but
also audio recordings of the sexual
abuse of children are distributed online
•
Older approaches often use language
(such as “visually” or “image”) that
excludes such material
Page: 32
Convention on Cybercrime
in print
2. ForPicture
the removed
purpose
ofversion
paragraph 1
Bild zur Druckoptimierung entfernt
above, the term “child pornography”
shall include pornographic material that
visually depicts:
a. a minor engaged in sexually explicit
conduct;
b. a person appearing to be a minor
engaged in sexually explicit conduct;
c. realistic images representing a minor
engaged in sexually explicit conduct.
EU Directive Child Pornography 2011
Picturepornography’
removed in print version
(c) ‘child
means:
Bild zur Druckoptimierung entfernt
(i) any material that visually depicts a
child engaged in real or simulated
sexually explicit conduct;
Cybercrime
EXAMPLE: CHILD PORNOGRAPHY
•
As cooperation requires legislation
gaps can have significant impact
•
In the early discussion about legal
response to an online distribution of
child pornography the drafter of
regulations focused on digital images
•
Today not only images and videos but
also audio recordings of the sexual
abuse of children are distributed online
•
Older approaches often use language
(such as “visually” or “image”) that
excludes such material
Picture removed in print version
Bild zur Druckoptimierung entfernt
IOL News 2011
Picture removed in print version
Bild zur Druckoptimierung entfernt
US Training Manual
Page: 33
Cybercrime
EXAMPLE: CHILD PORNOGRAPHY
•
SADC Model Law consequently avoids
the term “visually”
•
In addition the definition of the model
legislative text contains a clarification
that audio material is included
Page: 34
SADC MODEL LAW
Picturepornography
removed in print version
(8) Child
means
Bild zur Druckoptimierung entfernt
pornographic material that depicts
presents or represents:
(a) a child engaged in sexually explicit
conduct;
(b) a person appearing to be a child
engaged in sexually explicit conduct; or
(c) images representing a child
engaged in sexually explicit conduct;
this includes, but is not limited to, any
audio, visual or text pornographic
material.
Cybercrime
GENERAL PUBLIC
page: 35
Cybercrime
GENERAL PUBLIC
•
As part of a crime prevention strategy
general training could be organized for
the general public
•
Such training could include an
overview about how crimes are
committed and how to prevent
becoming victim of such crime
•
This may include a special training for
schools and universities
Page: 36
Cybercrime
Understanding
Cybercrime
ITU
Seite: 37
38
Thank you for your attention!
INTERNATIONAL TELECOMMUNICATION UNION
Related documents
Prof. Dr. Marco Gercke  Director, Cybercrime Research Institute     
Prof. Dr. Marco Gercke  Director, Cybercrime Research Institute     
Child Online Protection Ian Godfrey Mileng Manager
Child Online Protection Ian Godfrey Mileng Manager
Julie Inman Grant, Director of  Internet Safety and Security Microsoft  Asia Pacific
Julie Inman Grant, Director of  Internet Safety and Security Microsoft  Asia Pacific
International Cooperation in Cybercrime Investigations
International Cooperation in Cybercrime Investigations
An Introduction to Cyber Crime
An Introduction to Cyber Crime
The Society for the Policing of Cyberspace
The Society for the Policing of Cyberspace
1 MISSION - CYBERSECURITY MODEL LAWS INTO NATIONAL
1 MISSION - CYBERSECURITY MODEL LAWS INTO NATIONAL
Download
advertisement